479 matches found

CNNVD
added 2 days ago, 2 views

Hermes Agent security vulnerabilities

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 0.12.0 contain security vulnerabilities. These vulnerabilities stem from issues with the compresscontext function in the runagent.py file, which may lead to injectio...

CVSS 7.5, AI score 7.1, EPSS 0.00047
Exploits 0, References 5

CNNVD
added 2 days ago, 3 views

Hermes Agent security vulnerabilities

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the scanmemorycontent function in the tools/memorytool.py file. This vulnerability...

CVSS 6.5, AI score 6.6, EPSS 0.00044
Exploits 0, References 5

Packet Storm News
added 2026/05/21 12:0 a.m., 5 views

Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems

Injection detectors deployed to protect LLM agents are calibrated on static, template-based payloads that announce themselves as override directives. We identify a systematic blind spot: when payloads are generated to mimic the domain vocabulary and authority structures of the target document, wh...

AI score 5.8
Exploits 0

CNNVD
added 2026/05/19 12:0 a.m., 5 views

Apache OFBiz security vulnerability

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper handling of...

CVSS 6.5, AI score 5.8, EPSS 0.00187
Exploits 0, References 1

CNNVD
added 2026/04/27 12:0 a.m., 4 views

Code-Projects Inventory Management System injection vulnerability

The Code-Projects Inventory Management System is an open-source inventory management system developed by Code-Projects. Version 1.0 of the Code-Projects Inventory Management System has a vulnerability related to injection attacks. This vulnerability stems from the handling of the Username paramet...

CVSS 7.5, AI score 7.2, EPSS 0.00043
Exploits 0, References 1

Packet Storm News
added 2026/04/01 12:0 a.m., 0 views

Enhancing REST API Fuzzing with Access Policy Violation Checks and Injection Attacks

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes (e.g., 500 HTTP server error status code). However, security vulnerabilities can have major drastic consequences...

AI score 6
Exploits 0

CVE
added 2026/03/26 12:59 p.m., 1 views

CVE-2025-55270

CVE-2025-55270 affects HCL Aftermarket DPC. The issue is described as improper input validation that enables an attacker to inject executable code, with potential consequences including XSS, SQL Injection, and Command Injection. The provided sources do not specify affected versions, root cause de...

CVSS 9.8, AI score 6, EPSS 0.00023
Exploits 0, References 1, Affected Software 1

CNNVD
added 2026/03/13 12:0 a.m., 2 views

Erlang/OTP security vulnerability

Erlang/OTP is an open-source library written in JavaScript that handles exceptional situations. This library can catch exceptions caused by the built-in APIs of node.js. Versions 17.0 to 28.4.1, 27.3.4.9, and 26.2.5.18 of Erlang/OTP contain security vulnerabilities. These vulnerabilities stem fro...

CVSS 9.4, AI score 7.1, EPSS 0.00032
Exploits 0, References 7

CNNVD
added 2026/03/09 12:0 a.m., 2 views

JFlow security vulnerability

JFlow is a low-code BPM development platform open-sourced by Jinan Chicheng opencc in China. JFlow has a security vulnerability, which stems from incorrect operations on the function Calculate in the file src/main/java/bp/wf/httphandler/WFCCForm.java, potentially leading to injection attacks...

CVSS 9.8, AI score 6.6, EPSS 0.00053
Exploits 1, References 5

GithubExploit
added 2026/01/20 6:28 a.m., 134 views

security-antipatterns-javascript

Security Anti-Patterns for JavaScript AI coding agents don't...

AI score 6
Exploits 0

RedhatCVE
added 2026/01/07 9:27 a.m., 3 views

CVE-2019-12416

We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...

CVSS 6.1, AI score 7.2, EPSS 0.00859
Exploits 1, References 1

CNNVD
added 2025/12/24 12:0 a.m., 1 views

Anviz AIM CrossChex Standard security vulnerability

Anviz AIM CrossChex Standard is a time and attendance and access control management software from Anviz Corporation. A security vulnerability exists in Anviz AIM CrossChex Standard version 4.3.6.0, which stems from a user import field that can be used to insert malicious formulas, potentially...

CVSS 9.8, AI score 7, EPSS 0.00072
Exploits 1, References 3

Packet Storm News
added 2025/11/24 12:0 a.m., 2 views

Prompt Fencing: A Cryptographic Approach to Establishing Security Boundaries in Large Language Model Prompts

Large Language Models (LLMs) remain vulnerable to prompt injection attacks, representing the most significant security threat in production deployments. We present Prompt Fencing, a novel architectural approach that applies cryptographic authentication and data architecture principles to establish...

AI score 7.4
Exploits 0

Packet Storm News
added 2025/11/17 12:0 a.m., 2 views

Resilient Distribution Network Planning against Dynamic Malicious Power Injection Attacks

Active distribution networks facilitating bidirectional power exchange with renewable energy resources are susceptible to cyberattacks due to integration of a diverse array of cyber components. This study introduces a grid-level defense strategy aimed at enhancing attack resiliency based on...

AI score 6.8
Exploits 0

GithubExploit
added 2025/10/26 4:54 p.m., 99 views

sql_injection_analyzer

sqlinjectionanalyzer This is a comprehensive educational t...

AI score 7.9
Exploits 0

HackRead
added 2025/10/13 3:15 p.m., 2 views

OpenAI’s Guardrails Can Be Bypassed by Simple Prompt Injection Attack

Just weeks after its release, OpenAI’s Guardrails system was quickly bypassed by researchers. Read how simple prompt injection attacks fooled the system’s AI judges and exposed an ongoing security concern for OpenAI...

AI score 7.4
Exploits 0

Vulnrichment
added 2025/10/13 4:58 a.m., 1 views

CVE-2025-31995 HCL Unica MaxAI Workbench is vulnerable to improper input validation

HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc...

CVSS 3.5, AI score 7.4, EPSS 0.00279
Exploits 0, References 1

CNNVD
added 2025/10/13 12:0 a.m., 1 views

HCL Unica MaxAI Workbench security vulnerability

HCL Unica MaxAI Workbench is an artificial intelligence modeling and prediction module from HCL India. A security vulnerability exists in HCL Unica MaxAI Workbench, which stems from improper input validation and could lead to SQL injection, cross-site scripting, or command injection attacks, whic...

CVSS 3.5, AI score 7.5, EPSS 0.00279
Exploits 0, References 1

RedhatCVE
added 2025/10/11 10:31 a.m., 2 views

CVE-2025-52624

A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0...

CVSS 5.4, AI score 6.3, EPSS 0.00025
Exploits 0, References 1

CNNVD
added 2025/10/10 12:0 a.m., 2 views

HCL AION security vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a script whitelist configuration bypass and a misconfigured Content-Security-Policy header, which can be exploited by an attacker to cause cross-site scripting and other...

CVSS 6.1, AI score 6.6, EPSS 0.00025
Exploits 0, References 1